Operations: SOPs, Quality Records, ISO Compliance

ISO certification audits (9001 Quality, 14001 Environment, 45001 OH&S, 27001 Information Security) have one structural commonality: they want controlled documents with version evidence, approval evidence, distribution evidence, and review-cycle evidence. Papyrus delivers all four out of the box.

Controlled documents in Papyrus

A controlled document is one where:

• The current version is authoritative (no parallel copies)
• Previous versions are retained but visibly superseded
• Each version has documented author, reviewer, approver, and effective date
• Holders of obsolete copies are identifiable
• Periodic review is scheduled and tracked

In Papyrus, document templates can be marked as “Controlled”. When set:

• Version history is mandatory (no draft-edit-overwrite cycle)
• Each version has a workflow-driven approval cycle before release
• Distribution is via permissioned access, not file copy
• Review reminders fire on the configured cadence (typically annual)

The SOP lifecycle

1. Draft — Author drafts in Papyrus (Word/PDF), saves as Draft version
2. Review — Workflow to subject matter expert(s) for technical review
3. Approve — Quality Manager + Department Head approve for release
4. Release — Document goes from Draft to Active; previous versions auto-archived
5. Acknowledge — Affected staff receive the new version and acknowledge readership (captured as workflow)
6. Review cycle — Annual review reminder fires; review cycle starts

Quality records

Quality records (inspection reports, test certificates, deviation reports, corrective action plans) inherit the same controls. Additionally:

• Each record is linked to the SOP it conformed to (or deviated from)
• Records are linked to the batch / equipment / process they apply to
• Records are retention-tagged per ISO + regulatory requirement (typically 7-10 years)

The audit-day experience

When the ISO auditor comes:

1. Hand them the Auditor role
2. They run a search for the certified scope's documents
3. They request the current SOP for any process; Papyrus shows version, approver, date, acknowledgement log
4. They request a quality record for a specific batch; Papyrus shows the record, the SOP it conformed to, and any deviation reports
5. They check the review cycle; Papyrus shows past reviews and the next scheduled

Most audits that previously took a week now take a day.

Related reading

• Becoming a Data-Driven Operations Team
• Manufacturing: Quality, Safety and Production Records
• The CIO's Guide to Document Security